The Intrusion System performs real-time packet analysis on all network traffic to detect and prevent malicious network activity. The Smoothwall can detect a vast array of well-known service exploits including buffer overflow attempts, port scans and CGI attacks.
All violations are logged, and the logged data can be used to strengthen the Smoothwall Firewall by creating IP block rules against identified networks and source IPs.
Customized and automatic rules in the intrusion detection and intrusion prevention systems. Configure Smoothwall’s intrusion detection and prevention rules for inclusion in IDS and IPS policies. Turn on and configure policies to monitor network activity using the Intrusion Detection System (IDS). Turn on and configure policies to monitor network activity using the Intrusion Prevention System (IPS).
- The Smoothwall comes with several intrusion policies by default, which you can deploy immediately. The default policies will change as emerging threats change and is updated regularly.
- You can also create your own custom policies to suit your individual network.
Tip: If the list of signatures takes some time to load, try upgrading to the latest version of your browser to speed up the process.
Create a custom detection policy
- On the SERVICES menu, under the Intrusion system submenu, click Policies.
- Under the Policy section, enter a meaningful Name and an optional Comment.
- From the list of signatures, select all the signatures that you want to include in the policy.
- Click Add.
Deploy an intrusion detection policy
- On the SERVICES menu, under the Intrusion system submenu, click IDS.
- Under the Global section, click Enabled and click Add new IDS policy.
- New policies are turned on by default. Clear the Status option to create an inactive policy.
- From the Interface list, select the interface to deploy this policy for.
- From the Policy options, select the policies that you want to apply to your selected interface.
- Enter a descriptive Comment and click Add.
Follow-up tasks
- To edit deployed intrusion detection policies, under the IDS policies section, click Edit, adjust the configuration and click Save changes.
- Deleting deployed intrusion detection policies, under the IDS policies section, select the policy that you want to delete and click Delete.